Review of the SEC’s Compliance with the Freedom of Information Act

September 25, 2009 Report No. 465 Prepared by: Elizabeth A. Bunker, Contractor

UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
WASHINGTON, D.C. 20549

OFFICE OF INSPECTOR GENERAL

MEMORANDUM

September 25, 2009

To: Mary L. Schapiro, Chairman
David M. Becker, General Counsel, Office of the General Counsel
Mary S. Head, Director, Office of Investor Education and Advocacy

From: H. David Katz, Inspector General, Office of Inspector General (OIG)

Subject: Review of the Securities and Exchange Commission's Compliance with the Freedom of Information Act, Report No. 465

This memorandum transmits the U.S. Securities and Exchange Commission, OIG's final report detailing the results of the review of the Commission's FOIA function. The review was conducted by the OIG as part of the OIG's continuous efforts to assess management of the Commission's programs and operations and was based on our audit plan.

This report contains 10 recommendations that were developed to strengthen the Commission's FOIA function and processes. The Office of the Chairman concurred with 8 recommendations that were directed to its office. The Office of the Chairman partially concurred with recommendation no. 3. While this recommendation was directed to the Chairman's office, it was responded to by the Office of General Counsel. The Office of General Counsel also partially concurred with recommendation no. 5 which pertained to its office. Based on the written comments that were received and our assessment of the comments, we revised the report accordingly.

Within the next 45 days, please provide OIG with a written corrective action plan that is designed to address the agreed upon recommendations. The corrective action plan should include information such as the responsible official/point of contact, time frames for completing the required actions, milestone dates identifying how you will address the recommendations cited in this report, etc.

Should you have any questions regarding this report, please do not hesitate to contact me. We appreciate the courtesy and cooperation that you and your staff extended to our contractor.

Attachment

cc: Kayla J. Gillan, Deputy Chief of Staff, Office of the Chairman
Diego Ruiz, Executive Director, Office of the Executive Director
Jayne L. Seidman, Chief FOIA Officer, Office of the Executive Director
Review of the SEC's Compliance with FOIA Report No. 465 September 25, 2009


Review of the Securities and Exchange Commission’s Compliance with the Freedom of Information Act

Executive Summary

Background: The Freedom of Information Act (FOIA or Act) was enacted in 1966. It was amended in 1974, 1976, 1986, and most recently, in 2007 to narrow the scope of FOIA exemptions and the ability of agencies to withhold information. The Act provides that any person has a right to access federal agency records, with certain exceptions, that address issues such as national security and personal rights. Pursuant to the Act, the right of access is enforceable in court. Agencies are required under the Act to respond to FOIA requests within 20 working days and to notify requesters of their right to appeal a response that denies the request to access records.

In a Memorandum to the Heads of Executive Departments and Agencies, issued January 21, 2009, President Obama directed FOIA to be administered with a “presumption in favor of disclosure,” which emphasizes the importance of transparency and openness in government.

Executive Order 13392 “Improving Agency Disclosure of Information” was issued on December 14, 2005 (Executive Order 13392), and directs federal agencies to become more “citizen-centered and results-oriented” in responding to FOIA requests. Additionally, pursuant to the Executive Order federal agencies provide the public with information on their FOIA requests, designate liaisons to interact with the public, and appoint senior-level Chief FOIA Officers to oversee the FOIA process. Executive Order 13392 was followed by the Openness Promotes Effectiveness in our National Government Act of 2007 (OPEN Government Act), which affirmed the requirements of the Executive Order, further limited extensions to a 20-day time period, and added a new “Office of Government Information Services.”

At the U.S. Securities and Exchange Commission (SEC or Commission), the Office of Freedom of Information Act and Privacy Act Operations (FOIA/PA Office) processes FOIA requests. The FOIA/PA Office receives the initial FOIA requests from the public and then identifies the appropriate Commission office or division that has the capability to address the FOIA request. The FOIA/PA Office coordinates record searches with the relevant Commission offices/divisions to provide a consolidated response to a requester. The Office of General Counsel (OGC) reviews and makes all Commission FOIA appeal determinations.


At the end of Fiscal Year (FY) 2008, the FOIA/PA Office had 27 full-time personnel. Although the office’s total FOIA processing costs amounted to $4.29 million, it collected $62,466 in processing fees, representing only 1.45 percent of the FY’s FOIA processing costs. During FY 2008, the FOIA/PA Office carried over 6,909 FOIA requests from the prior year, received 9,586 new FOIA requests, processed 15,596 FOIA requests, and reduced its FOIA backlog by 87 percent. As a result, 899 FOIA requests were pending at the end of FY 2008.

Objectives: The Office of Inspector General (OIG) contracted with Elizabeth A. Bunker to conduct a review of the Commission’s FOIA processes and procedures. The objectives of the review were to assess the:

1. FOIA/PA Office’s compliance with applicable laws and regulations.
2. Coordination with FOIA/PA Office liaison staff, select field offices, and the Office of General Counsel.
3. Commission’s compliance with prior OIG audit recommendations.

This review was not conducted in accordance with the government auditing standards.

Prior OIG Audit Report. In March 2007, the OIG conducted an audit of the Commission’s FOIA backlog. The audit found that the FOIA backlog was primarily caused by a large increase in FOIA requests starting in FY 2003. The increase in FOIA requests came from commercial entities for comment and response letters that were primarily from the Division of Corporation Finance (Corporation Finance) and the Division of Investment Management (IM). In total, the March 2007 OIG report made eight recommendations (Recommendations A - H) to streamline and facilitate the FOIA process and to proactively post information for public access via the Commission’s website. We found that Recommendation G, which involved providing access to the FOIA/PA Office’s FOIAXpress tracking system, has not been fully implemented.
We found that only two offices (OGC and Corporation Finance) currently use the read-only access feature of the FOIAXpress database. The other recommendations in the May 2007 OIG report were either fully implemented or the responsible office has demonstrated progress in implementing the recommendations. Corporation Finance expanded its number of staff, restructured work processes, and instituted detailed monitoring and reporting systems to ensure review and the posting of comment letters on the SEC website. IM had a smaller backlog, but also added staff and developed a tracking system to address its backlog. IM staff are also still in the process of

posting the prior years’ FOIA data and continue to post current filings and comment letters on the SEC’s website.

Results. The OIG found that the manner in which the Commission’s Chief FOIA Officer functioned was not in compliance with the requirements of Executive Order 13392 or the OPEN Government Act. Prior to our review of the FOIA program in connection with this report, the Commission had not defined any explicitly stated authorities, responsibilities, or reporting duties for the Chief FOIA Officer. During the course of this review, the SEC has taken steps to fill the Chief FOIA Officer position.

Further, we determined that few FOIA liaisons have developed written policies and procedures for processing FOIA requests. This increases the risk of error and could result in information being inappropriately disclosed or in the SEC withholding information from the public that should be released. Additionally, we found that the SEC has inadequate or incorrect procedures for disclosing responsive documents that are not in compliance with the Act. We also found that there is an insufficient separation of the administrative processes between the initial FOIA determination and the FOIA appeal process.

In addition, SEC management has not established any comprehensive management, supervisory, or personnel practices for staff that are responsible for FOIA processing. We determined that SEC management needs to improve the skill set of FOIA liaison staff by providing them with FOIA training opportunities, updating position descriptions, and revising FOIA liaison staff’s performance standards to include FOIA liaison duties. We also determined the following:

• Commission staff need FOIA related training that is commensurate with their level of FOIA responsibilities;
• Inefficient retrieval systems, voluminous paper and electronic records, and documents that are not organized for efficient FOIA review contributed to delays in processing FOIA requests;
• There are duplicate tracking systems that waste time and hinder the efficient processing of FOIA requests; and
• Only three FOIA liaisons in two offices knew they had read-only access to the FOIA request database.

Summary of Recommendations. Our report makes the following recommendations. The Chairman’s Office shall ensure that the Chief FOIA Officer has sufficient Commission-wide support to fulfill the responsibilities outlined in the OPEN Government Act and should affirm the importance of the FOIA to its mission. The Chief FOIA Officer shall address existing document review practices to enhance the maximum disclosure of responsive information, address the deficiencies identified in this report, and comply with the OPEN Government Act. The Chief FOIA Officer, in collaboration with SEC managers

and supervisors, should revise the position descriptions, FOIA response task descriptions, and performance standards for the current FOIA/PA staff members and liaisons. The Chief FOIA Officer should ensure that appropriate FOIA training is provided to all Commission staff concerning the responsibility to comply fully with FOIA requirements. The FOIA/PA Officer should provide assistance to the FOIA liaisons in order to incorporate the FOIAXpress tracking system capabilities as appropriate. The OGC should establish and provide a clear policy to emphasize the separation of roles and responsibilities between staff members that decide FOIA appeals and staff members that advise, counsel, or process the initial FOIA response. To support the proper role of OGC, skills of all FOIA staff should be strengthened to address the amount and quality of FOIA work demands.


TABLE OF CONTENTS
Executive Summary
Table of Contents
Background and Objectives
    Background
    Objectives
Findings and Recommendations
    Finding 1: The Chief FOIA Officer Did Not Have Sufficient Authority to Address FOIA
        Recommendation 1
        Recommendation 2
    Finding 2: FOIA Processing Practices Need Improvement
        Recommendation 3
        Recommendation 4
    Finding 3: The OGC May Not Provide an Unbiased Review of FOIA Appeals
        Recommendation 5
        Recommendation 6
    Finding 4: FOIA Responsibilities Have Not Been a Commission Priority
        Recommendation 7
        Recommendation 8
    Finding 5: FOIA Processing Needs Improved Information Management
        Recommendation 9
        Recommendation 10


Appendices
    Appendix I: Acronyms and Abbreviations
    Appendix II: Scope and Methodology
    Appendix III: Criteria
    Appendix IV: List of Recommendations
    Appendix V: Management Comments
    Appendix VI: OIG Response to Management’s Comments

Tables
    Table 1: Costs, Fees, and Staffing for FOIA/PA
    Table 2: Backlog Reduction
    Table 3: Dispositions of SEC and All Federal Agencies
    Table 4: SEC’s FOIA Exemption Denials
    Table 5: Median Days Needed to Process FOIA Requests


Background and Objectives
Background
The Freedom of Information Act (FOIA or Act) was enacted in 1966, and is codified in Title 5 of the United States Code, Section 552. The Act generally provides that any person has a right of access to agency records, with certain exceptions. Agency records that are not available to the public through “reading rooms” may be made available in response to FOIA requests. All United States government agencies are required to disclose their records, or portions of the records, upon receiving a written request, except when the records are protected from disclosure under one or more of the FOIA’s nine exemptions. Pursuant to the Act, the right of access is enforceable in court.

The Act also generally requires agencies to respond to FOIA requests within 20 working days and to notify requesters of their right to appeal a response denying access to records. According to the Act, “if the government can show exceptional circumstances exist and that the agency is exercising due diligence in responding to the request,” the court may allow the agency additional time to complete its review of the request.

The FOIA’s nine exemptions generally cover the following information:

1) Classified national defense and foreign relations information;
2) Internal agency personnel rules and practices;
3) Material prohibited from disclosure by another law;
4) Trade secrets and other confidential business information;
5) Certain inter-agency or intra-agency communications;
6) Personnel, medical, and other files involving personal privacy;
7) Certain records compiled for law enforcement purposes;
8) Matters relating to the supervision of financial institutions; and
9) Geological information on oil wells.

The FOIA was amended in 1974, 1976, 1986, 1996, and in 2007 to narrow the scope of FOIA exemptions and the ability of agencies to withhold information. Each amendment expands the scope of information that is available to the public by the Freedom of Information Act. Changes implemented in the last decade demonstrate how Congress and recent administrations have been progressively modifying the Act to facilitate public access to agency records.

• Amendments in 1996 extended FOIA’s provisions to electronic records, and required agencies to package information electronically if requested.


Executive Order 13392, “Improving Agency Disclosure of Information,” was issued on December 14, 2005 (Executive Order 13392). Executive Order 13392 promoted a “customer service” orientation to the FOIA by requiring the establishment of public liaisons, clarifying exemptions, and providing tracking numbers for consumers. Executive Order 13392 ordered agencies to designate Chief FOIA Officers and to address the FOIA backlogs of requests. Finally, the Executive Order required that agencies report specific monitoring data such as the number of days to process FOIA requests and appeals, the number of FOIA requests granted and denied, and to report progress in resolving FOIA backlogs.

The “Openness Promotes Effectiveness in our National Government Act of 2007” (OPEN Government Act) modified the FOIA by codifying into law most of the provisions of Executive Order 13392, such as the public liaisons and the Chief FOIA Officer. The OPEN Government Act further limited and defined the 20-day time period to respond to FOIA requests, and added a new “Office of Government Information Services.”

Most recently, in a Memorandum to the Heads of Executive Departments and Agencies issued January 21, 2009, President Obama directed that FOIA be administered with a “presumption in favor of disclosure.” A second Memorandum, “For the Heads of Executive Departments and Agencies”, issued March 19, 2009 by Attorney General Eric H. Holder Jr., further underscored the goal of maximum disclosure in response to FOIA requests. Subsequent guidelines emphasized that the presumption of disclosure means that information should not be withheld “simply because [an agency] may do so legally.” Furthermore, when an agency determines that it cannot make a full disclosure, the Memorandum directs the agency to consider if it can make a partial disclosure.

Within the U.S. Securities and Exchange Commission (SEC or Commission), the FOIA processing function is centralized and the FOIA/PA Office processes all FOIA requests. The FOIA/PA Office receives the initial FOIA requests from the public and then identifies which office or division within the Commission should be contacted to search for records that respond to the request. Personnel in the FOIA/PA Office coordinate record searches with the relevant Commission office or division to provide a response to requesters. The OGC reviews and makes FOIA appeal determinations. Personnel in the FOIA/PA Office also record and track requests for confidential treatment, provide technical support to OGC in the event of FOIA litigation, and respond to requests for public information. As shown in Table 1, Costs, Fees, and Staffing for FOIA/PA, at the end of FY 2007 the FOIA/PA Office had approximately 28 full-time personnel, total FOIA


processing costs were $3.78 million, and the Commission collected $140,106 in fees, which was about 3.7 percent of its actual processing costs. Table 1 further shows that during FY 2008 the FOIA/PA Office had 27 full-time personnel, its processing costs were $4.29 million and the office collected $62,466 in fees, or 1.45 percent of the FY’s processing costs.

Table 1: Costs, Fees, and Staffing for FOIA/PA

| | FY 2007 | FY 2008 |
|---|---|---|
| Staffing Levels | | |
| Number of full-time FOIA/PA Office personnel | 28 | 27 |
| Number of personnel with part-time or occasional FOIA duties (in total work-years or FTEE*) | 3.81 | 6.75 |
| Total number of personnel (in total work-years or FTEE) | 31.81 | 33.75 |
| Total Costs (including staff and all resources) | | |
| FOIA processing (including appeals) | $3,509,418 | $4,052,681 |
| Litigation-related activities | $275,921 | $238,685 |
| Total costs | $3,785,339 | $4,291,366 |
| Fees | | |
| Total amount of fees collected by agency for processing requests | $140,106 | $62,466 |
| Percentage of total costs | 3.7 | 1.45 |

Source: SEC FOIA/PA Office Annual Reports for Fiscal Year 2007 and 2008

*Full-time Equivalent Employees

Backlog Reduction
During FY 2007 through 2008, the Commission’s FOIA/PA Office’s achievements were noteworthy. Overall, the FOIA/PA Office met and exceeded the backlog goals that were established in its “Program Action Plan.” The “Program Action Plan” was required per Executive Order 13392, and was submitted to the Department of Justice.[1] These results were accomplished with no significant changes in the FOIA/PA Office’s staffing and overall costs. While other divisions within the Commission had their staff and resources increased to proactively make information readily available to the public, the FOIA/PA Office reduced its backlog and responded to new FOIA requests though neither its staff nor its budget was increased. Table 2, Backlog Reduction, shows that during FY 2008, the FOIA/PA Office:

• Carried over 6,909 FOIA requests that were pending at the end of FY 2007;
• Received 9,586 new FOIA requests; and
• Processed 15,969 FOIA requests.

[1] The SEC’s “Freedom of Information Act Program Action Plan” was initially submitted to the Department of Justice and the Office of Management and Budget on June 13, 2006. Revisions were later submitted on October 13, 2006 and February 1, 2008.

At the end of FY 2008, the FOIA/PA Office had 899 FOIA requests that were still pending.

Table 2: Backlog Reduction

| Number of Initial Requests | FY 2007 | FY 2008 |
|---|---|---|
| Requests pending at the end of the preceding FY | 10,403 | 6,909 |
| Requests received during current FY | 9,070 | 9,586 |
| Requests processed during current FY | 12,564 | 15,596 |
| Requests pending at the end of the current FY | 6,909 | 899 |

Source: SEC FOIA/PA Office Annual Reports for Fiscal Year 2007 and 2008

Customer Service Orientation
To further address the Executive Order 13392 requirements, the Commission established a FOIA Customer Service Center (Service Center) and appointed four public liaisons in March 2006. The purpose of the Service Center and the public liaisons was to assist in reducing FOIA delays, to increase transparency, to help requesters understand the status of requests, and to assist in resolving disputes.

To review the Service Center’s effectiveness, we conducted telephone interviews with 10 of the Commission’s most frequent FOIA requesters. Our sample population consisted of 8 commercial vendors and 2 journalists. Universally, the requesters praised the politeness and courtesy of the FOIA/PA Office staff and noted that service improved significantly. Some referred to the FOIA/PA Office staff by name and emphasized the staff’s helpfulness and responsiveness. One commented that while the actual information received was disappointing, the staff was “wonderful, accessible, and made it clear they were doing all they could.” Another said “they are like family.”

Particularly, we found that many commercial requesters described and applauded their proactive negotiations with the FOIA/PA staff, whereby the requesters could tailor their requests in order to correctly and efficiently receive information that is actually available. Other requesters agreed to submit multiple requests in smaller units over a period of time rather than submit a large number of requests simultaneously to the FOIA/PA Office. These arrangements allowed the FOIA/PA staff to respond to FOIA requests more effectively. Based on our interviews, the commercial requesters reported they were generally satisfied with the efforts of the FOIA staff.

The SEC Website
The SEC’s website and its policies for posting, reviewing, and updating FOIA information are consistent with Executive Order 13392. The SEC staff responsible for maintaining the website has written policies and procedures to establish performance standards that ensure information is posted on its website on a timely basis. A link to the FOIA webpage is easily accessible from the main SEC website. Updates to the “Frequently Requested FOIA Documents,” a feature of the FOIA webpage, are “typically posted within 24 hours of receipt.” We found that the Commission’s website management standards exceed the requirement that quarterly reviews are conducted to assure website information is current and accurate. Instead, the Commission conducts these reviews every two weeks. In 2004, the Commission received an award for the best webpage design in the category of “Financial Services.”

Objectives
Based on our annual plan, the Office of Inspector General (OIG) contracted the services of Elizabeth A. Bunker to conduct a review of the Commission’s FOIA process and procedures. The objectives were to review the:

1. FOIA/PA Office’s compliance with applicable laws and regulations.
2. Coordination with FOIA/PA Office liaison staff, select field offices, and the Office of General Counsel.
3. Commission’s compliance with prior OIG audit recommendations.


Findings and Recommendations
Finding 1: The Chief FOIA Officer Did Not Have Sufficient Authority to Address FOIA
The role of the Chief FOIA Officer, as established by the Commission, has not been in compliance with the requirements of Executive Order 13392 or the OPEN Government Act. The Chief FOIA Officer did not have sufficient authority or accountability to address FOIA deficiencies.

Both Executive Order 13392 and the OPEN Government Act require federal agencies to appoint a Chief FOIA Officer who has the authority to implement a wide range of management and policy objectives to ensure the agency’s FOIA compliance. While the Commission’s FOIA backlog was a focus of negative publicity in 2006,[2] the role of Chief FOIA Officer was temporarily filled by the FOIA/PA Officer,[3] who facilitated the Commission’s efforts to reduce the backlog during FYs 2007 and 2008. However, the FOIA/PA Officer did not meet the requirements of Executive Order 13392 because the Executive Order required that the Chief FOIA Officer’s position be at the “Assistant Secretary or equivalent level.”[4] In 2007, the Commission assigned the Chief FOIA Officer duty as a collateral duty of an Office Director. This person resigned from the position in June 2009, and a new Chief FOIA Officer was designated during the same month. This person is also an Office Director who serves in the Chief FOIA capacity as a collateral duty.

During interviews conducted for this review, some staff indicated that they were not aware of the Chief FOIA Officer’s role. Of the 25 interviews of FOIA liaisons that were conducted (excluding the Chief FOIA Officer), few people were able to clearly state the Chief FOIA Officer’s function. In fact, some of the Commission’s FOIA liaisons stated they did not know there was such a position or person.

[2] FOIA Bombs Backlog the SEC, August 31, 2007, CFO.com: An Economist Group. http://community.dynamics.com/blogs/financeheadlines.
[3] The FOIA/PA Officer is an SK-17 position, and heads the SEC’s FOIA/PA Office. This is distinguished from the Chief FOIA Officer position required under Executive Order 13392 and the OPEN Government Act, which is a more senior position and has oversight of not only the FOIA/PA program, but other duties as well.
[4] Hodes, Scott A., FOIA Facts: Chief FOIA/PA Officers Named, Law and Technology Resources for Legal Professionals, February 15, 2006, http://www.llrx.com/node/1459

The person appointed as the Chief FOIA Officer stated in our interview that she was aware of the lack of visibility in the position, but viewed this relative obscurity as an opportunity to explore the Commission’s compliance with the FOIA with a view toward developing a suitable role. We determined that the position did not have a position description within the personnel structure, personnel classification system, or in the Code of Federal Regulations (CFR). Furthermore, the Chief FOIA Officer has not been required to submit reports about FOIA operations to senior Commission management. Thus, the authority of the role appeared to rest in the Chief FOIA Officer’s personal influence within the Commission. Without clear authority and accountability or without senior management’s recognition, a Chief FOIA Officer may not be effective.

The OPEN Government Act describes a broad set of responsibilities for the Chief FOIA Officer as follows:

“Each agency shall designate a Chief FOIA Officer who shall be a senior official of such agency (at the Assistant Secretary or equivalent level). The Chief FOIA Officer of each agency shall, subject to the authority of the head of the agency shall—”

(1) Have agency-wide responsibility for efficient and appropriate compliance [with the FOIA];
(2) Monitor implementation [of the FOIA] throughout the agency . . .;
(3) Recommend to the head of the agency such adjustments to agency practices, policies, personnel, and funding as may be necessary to improve its implementation [of the FOIA];
(4) Review and report to the Attorney General, through the head of the agency;
(5) Facilitate public understanding of the purposes of the statutory exemptions . . .; and
(6) Designate one or more FOIA public liaisons.”

President Obama’s January 21, 2009 FOIA Memorandum for the Heads of Executive Departments and Agencies and the March 19, 2009 Memorandum issued by Attorney General Holder to the Heads of Executive Departments and Agencies, stressed that the Chief FOIA Officers be “active participants in their agency’s FOIA operations.”

Seeking to enhance the importance of the FOIA within agencies, Congress requested that the Office of Personnel Management (OPM) submit a report with recommended changes in personnel policies to enhance the stature of government employees who are involved in administering the FOIA.[5] Congress
requested that the OPM consider changes to personnel policies to provide greater encouragement to employees with FOIA responsibilities including performance evaluations, pay, promotions, and training. In its response, the OPM declined to make recommendations, but in recognition of the concern expressed by Congress and FOIA professionals, issued a letter that stated:

The challenges identified by the FOIA community center around lack of senior leadership support. These issues are appropriately addressed through management direction and are within the control of individual agencies.[6]

It appears this statement is an apt description of the past condition of the Chief FOIA Officer’s role in the SEC.

During the course of this review, the SEC reconsidered the position of Chief FOIA Act Officer and created a full-time senior officer level position, for which a new position description was written and a vacancy advertised.[7] Applications for the position were accepted by the agency between July 14, 2009 and July 28, 2009. A review of the position description shows that the responsibilities identified in the OPEN Government Act are now described in the position description. The position description includes agency-wide responsibility for coordinating the Commission’s FOIA/PA policies and procedures. As a senior officer, the Chief FOIA Officer will monitor, report, and advise the head of the Commission concerning FOIA compliance. The position description, if observed, will now meet the specifications of the OPEN Government Act. As of this date, the position has not yet been filled.

[5] OPEN Government Act: §11: Report on Personnel Policies Related to FOIA.

Recommendation 1: The Chairman’s Office shall fill the Chief FOIA Officer position with a qualified candidate and ensure that the Chief FOIA Officer has the appropriate authority to implement FOIA and to effectively fulfill the responsibilities outlined in the OPEN Government Act of 2007.
Recommendation 2: The Chairman’s Office shall communicate on an ongoing basis to Commission employees and the public the importance of the Freedom of Information Act (FOIA) to the agency’s mission. This can be accomplished by updating the Commission’s FOIA webpage to emphasize the importance of FOIA to the public, and by issuing an SEC Administrative Notice to Commission employees on an annual basis.

6 Michael W. Hager, Acting Director, United States Office of Personnel Management, December 16, 2008. http://www.accesspro.org/OPM_ReportCongress_121608.pdf
7 This position was advertised by the SEC as a “Chief FOIA/PA Officer”; however, in order to avoid confusion with the SK-17 FOIA/PA Officer, for purposes of this report, we will refer to the senior officer position the way it was referenced in Executive Order 13392, as “Chief FOIA Officer.”

Finding 2: FOIA Processing Practices Need Improvement
There are inadequate or incorrect procedures for determining whether potentially responsive documents exist and how exemptions, such as Exemption (b)(7)(A), are applied, which have the effect of creating a presumption in favor of withholding, rather than disclosure, as required by the FOIA. Few FOIA liaisons have written policies and procedures for processing FOIA requests, thus increasing the risk of errors resulting in the inappropriate disclosure of information, or unnecessarily withholding information.

The Presumption of Non-Disclosure
We reviewed data that measured the Commission’s compliance with the FOIA and found that in all FOIA request disposition categories, the Commission’s overall rate was significantly lower when compared to all other federal agencies. Table 3, FOIA Dispositions by SEC and All Federal Agencies, is based on the 2008 reporting guidelines that separate Privacy Act requests from FOIA requests making the data in the table comparable across all agencies. Table 3 illustrates the SEC’s disposition of FOIA requests in comparison to “All Federal Agencies,” as reported in the SEC’s Freedom of Information Act Annual Reports for FY 2008 (Annual Reports). The table shows that the SEC made “full grants” and “partial grants” 10.5 and 2.9 percent of the time, respectively. In contrast, “All Federal Agencies” reported making “full grants” and “partial grants” of information 41.8 and 18.7 percent of the time, respectively.


Table 3: Disposition of SEC and All Federal Agencies’ FOIA Requests in FY 2008

| Disposition of FOIA Requests | SEC FY 2008 | Percent of SEC Processed Requests | All Federal Agencies FY 2008 | Percent of All Federal Agencies Processed Requests |
|---|---|---|---|---|
| Granted in Full | 1,635 | 10.5 | 260,594 | 41.8 |
| Granted in Part | 453 | 2.9 | 117,032 | 18.7 |
| Denied in Full | 612 | 3.9 | 25,549 | 4.0 |
| No Information Found | 8,764 | 56 | 81,238 | 13.0 |
| Total Closed | 15,596 | -- | 623,186 | -- |

Source: SEC FOIA/PA Office Annual Reports for FY 2008 and the FOIA Post 2009: Summary of Annual FOIA Reports for FY 2008

Table 3 also shows that the SEC reported “No Information Found” 56 percent of the time, in comparison to “All Federal Agencies” reporting 13 percent in the same category. Our review of the data summarizing request denials showed that while the percentage of denials the SEC reported in its FY 2008 Annual Report are similar to the percentages that are reported by other federal departments and agencies, the exemption most cited for denials in other federal agencies was Exemption 6, which protects matters of personal privacy. In comparison, the SEC cited Exemption (b)(7)(A), “Interference with Law Enforcement Proceedings” most frequently for denials. 8

8 5 U.S.C. §552: (a) “Each agency shall make available to the public information . . . (b) This section does not apply to matters that are . . . (7) records or information compiled for law enforcement purposes, but only to the extent that the production of such law enforcement records or information (A) could reasonably be expected to interfere with enforcement proceedings. . . .”

Below, Table 4, SEC’s FOIA Exemption Denials, shows the number of FOIA requests that were denied in FY 2007 and 2008 claiming one or more of the nine exemptions. Specifically, the Commission issued 865 and 1,192 exemption denials in FY 2007 and 2008, respectively.

Table 4: SEC’s FOIA Exemption Denials

| Exemption | FY 2007 | FY 2008 |
|---|---|---|
| (b)(1) National security | 0 | 0 |
| (b)(2) Records related solely to internal rules and practices | 47 | 46 |
| (b)(3) Law specifically exempts the material from disclosure | 1 | 8 |
| (b)(4) Trade secrets and other confidential business information | 132 | 160 |
| (b)(5) Deliberative process privilege, pre-decisional | 46 | 83 |
| (b)(6) Information about individuals | 70 | 72 |
| (b)(7)(A) Interference with law enforcement proceedings | 518 | 705 |
| (b)(7)(B) A person would be deprived of a fair trial | 0 | 0 |
| (b)(7)(C) Unwarranted invasion of personal privacy | 34 | 70 |
| (b)(7)(D) Confidential source | 0 |  |
| (b)(7)(E) Techniques and procedures for law enforcement investigations | 0 | 5 |
| (b)(7)(F) Endangering the safety or life of any individual | 0 | 0 |
| (b)(8) Examination of banks and other financial institutions | 17 | 42 |
| (b)(9) Geological and geophysical information | 0 | 0 |
| Total Number of Exemption Denials | 865 | 1,192 |

Source: SEC FOIA/PA Office Annual Reports for Fiscal Year 2007 and 2008

The SEC’s FOIA process denied the disclosure of information due to exemption (b)(7)(A) in 67 percent of all FOIA denials in FY 2007 and 66 percent in FY 2008. 9 This exemption is most frequently applied to requests for records from the Division of Enforcement’s (Enforcement) investigative caseload.

We determined that the deficiencies in the SEC’s method of processing FOIA requests may account for the frequent use of the FOIA exemption (b)(7)(A) and may also contribute to request responses identified as “No Information Found.” These deficiencies initially occurred due to inadequate search capabilities such as searching for documents in key databases. Secondly, we found that documents are not sufficiently inspected to determine if the information is potentially responsive and if it can be disclosed. Finally, the volume of Enforcement’s records prohibits the efficient and timely review of documents.

The steps taken by FOIA/PA Office staff and liaisons to process FOIA requests for information from the Division of Enforcement (Enforcement) are as follows:

• A FOIA/PA Office staff member initially conducts a search in available databases to determine if information is available that is related to the subject of the request. The database for searching investigative files is the Enforcement’s Name Relationship Search Index (NRSI) database. This step is completed in compliance with the procedures that are documented in the FOIA/PA’s office Work Procedures Manual. If the NRSI does not locate a reference to the name of an individual or a company, the request disposition is categorized as “No Information Found.”

• If the NRSI database locates a reference, the FOIA/PA Operations staff refers the request to the Enforcement liaison who extends the search for potentially responsive information using the Case Activity Tracking System (CATS 2000) database to conduct a more detailed search. If the CATS 2000 indicates that the subject of the request is associated with an “open” investigation or if the information in the CATS 2000 is sufficiently detailed, the FOIA liaison will recommend that the information is not released or is not responsive to the request. The SEC’s FOIA response cites the FOIA exemption, which most frequently is (b)(7)(A), and concludes that disclosing the requested information would interfere with Enforcement’s proceedings. Generally, there are no further searches. If either the NRSI or CATS 2000 database indicates that a case is open but has no investigative activity or is nearing completion, the Enforcement liaison may contact the case attorney for further information or recommend that the FOIA staff refer the request to a regional office liaison who determines the location of records that are responsive to the request and then estimates the volume of information to be processed. Based on the liaison’s estimate, the FOIA staff contacts the requestor with the cost estimate before proceeding further.

9 U.S. Securities and Exchange Commission Freedom of Information Act Annual Report for Fiscal Year 2007, October 1, 2006 to September 30, 2007 and Fiscal Year 2008, October 1, 2007 to September 30, 2008.

We found that in many cases, this search process actually prevents the discovery of information that is responsive to FOIA requests. During interviews we conducted, staff members identified a number of weaknesses in the NRSI database, which is described as an abstracted summary of the information that is available in CATS 2000. Repeated studies issued by the Government Accountability Office (GAO) identified ongoing deficiencies and weaknesses in Enforcement’s information systems, including CATS 2000, such as inadequate integration with other systems for data entry and case record updates. 10 Also, a report the SEC OIG issued in September 2008 revealed that not all Enforcement staff used CATS 2000 to record investigative activity. 11 The Enforcement’s FOIA liaison, corroborated by a GAO review, established that a weakness in the CATS 2000 and NRSI systems is that even though a number of investigative cases may no longer be active, they have not been officially closed in the databases. 12 The effect of this weakness is that Enforcement investigations, which, for all intents and purposes, are closed, appear in the databases as open. Therefore, the initial decision, determining if any response information is available, can be faulty because searches are conducted using databases that have incomplete and inaccurate information. Thus, searches would show that an Enforcement investigation is open when it is in fact essentially closed, so the requested FOIA information relating to that investigation could actually be produced.

10 Government Accountability Office (GAO), Greater Attention Needed to Enhance Communication and Utilization of Resources in the Division of Enforcement, 09-358, March 2009. See also GAO Report 07-830, and GAO Report 05-670.
11 SEC Office of Inspector General, Survey of Enforcement’s HUB System, Report No. 449, September 29, 2008, p. 12.
12 GAO Report: 09-358, p. 18.

The second deficiency that contributes to the inappropriate application of FOIA exemption (b)(7)(A) is based on the SEC staff’s judgment that without the visual inspection of documents, the disclosure of any information (including information available publicly) constitutes “interference with law enforcement proceedings.” There is not a well-documented process for reviewing documents to segregate potentially responsive documents that can be disclosed and, thus, the search may not be sufficient, particularly to justify an all-inclusive denial that is based on FOIA exemption (b)(7)(A). Many decisions concerning the responsiveness of the records are inferred broadly from the recorded narratives in the CATS 2000 and not by reviewing actual documents. Notwithstanding Enforcement’s recent efforts to close cases that are inactive, cases labeled as “open” that show some investigative activity in the CATS 2000 are most often presumed to be exempt from disclosure unless the Enforcement FOIA liaison can determine that a case is waiting for payments (e.g., penalties or disgorgements) and that responsive information, with proper approval, can be disclosed. Thus, instead of actually reviewing relevant documents relating to the investigation that is the subject of the FOIA request, the FOIA liaison relies upon a database that does not fully have accurate information and makes the decision to withhold any and all potential responsive documents in their entirety. Also, we determined that insufficient time and attention is paid to determining if a partial FOIA release could be made.

The third obstacle encountered by the Enforcement FOIA liaisons and the FOIA/PA Office staff is the volume and organization of documents that have to be reviewed, segregated, and redacted to properly process the information that is subject to FOIA exemption (b)(7)(A). Consultations with information management staff from Enforcement reveal that the volume of information has increased beyond the capabilities of the available staff to address FOIA requests. The result is that case records, whether closed, open and inactive, or open and active, are not consistently reviewed for information that might be responsive to FOIA requests, because an exhaustive search to segregate releasable documents is often judged not to be feasible. While the volume of records is never stated as a basis for a denial, the expense and time that is needed to review the documents effectively deprives the requester of a legitimate response.

The inadequate review of documents is not limited to documents from Enforcement. For FOIA requests in other SEC offices/divisions, there are similar processes that may also be inadequate. The steps are similar to the process followed by the Enforcement liaisons. The FOIA/PA Office analyst sends the relevant office or division a copy of the FOIA request and asks the liaison to reply with the responsive records. If the liaison determines there are responsive records, the records are usually sent to the FOIA/PA Office for processing and subsequent release. If the liaison indicates that there are no responsive records, or that an exemption to the disclosure applies, the FOIA analyst does not review the records to confirm the liaison’s judgment.

Administrative Appeals of Exemption (b)(7)(A)
We also found evidence that OGC supports and defends the practice of limited and perfunctory document review. 13 We examined 19 FOIA appeal file cases that were closed during FY 2007 and FY 2008. Our sample of 19 administrative appeal files included 16 appeals from commercial requestors, 2 from media requesters, and a disputed fee charge from an individual requestor. Based on our review, we found 10 examples of legal memoranda that were prepared by OGC attorneys and contained standardized, boilerplate legal explanations upholding the SEC’s routine application of FOIA exemption (b)(7)(A). The legal memoranda clearly stated the Commission’s policy as follows:

The appeal file reflects that the FOIA/PA Officer acted consistently with the Commission’s policy related to requests for information contained in active investigation files. (A footnote further explained: “The FOIA/PA Officer, as is routinely done with such requests, withheld the investigatory information in its entirety.”)

Some appeal case files that OIG examined for this review had notes and copies of emails that documented OGC attorneys’ attempt to verify the status of a case that was presumed to be “open,” prior to the appeal being decided. However, there was no record or any affidavit confirming a document review was completed, nor verifying that responsive records were withheld “which, if released, could reasonably be expected to interfere with Enforcement’s proceedings,” neither at the time of the initial FOIA response, nor at the time of the appeal. The FOIA stipulates exemptions from disclosure as:

… records or information compiled for law enforcement purposes, but only to the extent that the production of such law enforcement records or information . . . could reasonably be expected to interfere with enforcement proceedings. . . . [Furthermore] . . . Any reasonably segregable portion of a record shall be provided to any person requesting such record after deletion of the portions which are exempt under this subsection. 14

In our review, we found many cases where no efforts were made to segregate portions of records for disclosure purposes. Accordingly, the effect was a practical presumption in favor of withholding information, rather than the disclosure as required by the Freedom of Information Act.

Of the 1,192 exemption denials that the FOIA/PA Office issued in FY 2008, 196 or 16 percent of the requesters filed appeals. In FY 2007, there were 865 denials and 143 (16 percent) were appealed. We found that when an initial FOIA decision is appealed, while a thorough review of responsive documents is still not performed, OGC personnel will at least contact the staff attorney assigned to the investigation that is the subject of the FOIA request and obtain oral confirmation on the status of the investigation. However, because only a small percentage of requesters challenge the initial denial by filing an appeal, the majority of requesters are deprived of this added step that is taken by OGC counselors.

The practice of the SEC not conducting a document-by-document review has been challenged and has resulted in censure by the courts on two recent occasions. 15,16 These court decisions reveal that the SEC’s consistent pattern of non-disclosure exposes the Commission to the costs of litigation and negative publicity. 17 OIG determined that the current SEC practice and policy disregards the intent of FOIA to maximize disclosure and, more importantly, negates the principle of openness in government that is embodied by FOIA.

13 According to the DOJ’s Office of Information Policy, the SEC received the third highest number of appeals among all federal agencies and departments that reported FOIA data to the Department of Justice for FY 2008. Department of Justice Summary of Annual FOIA Reports for FY 2008. The inadequate searches for responsive documents described above may account for a large number of the administrative appeals for denied information.
14 5 U.S.C. §552: The Freedom of Information Act. (b), The Freedom of Information Act Guide, http://www.usdoj.gov/oip/foia_guide07.htm. March 2007, Printed on June 2, 2009.
15 Gavin v. SEC, No. 04-4522 2006 WL 1738417 at *3 (D. Minn. June 20, 2006) wherein the court stated that the SEC “continually and deliberately stalled in fulfilling its obligations to conduct a document-by-document review of material it seeks to withhold pursuant to Exemption 7(A). In doing so the SEC has attempted to play by its own rules and [has] disregard[ed] the law.” See Freedom of Information Act Guide, p. 697.
16 Aguirre v. SEC, No. 06-1260, 2008 WL 1934342 at *69 (D.D.C. Apr. 28, 2008) the court finds that "there can be no doubt that the SEC has failed to demonstrate the adequacy of its search." SEC's declaration [of search for responsive documents] "lacks detail and it makes no reference whatsoever to the search terms or methods used. Instead, it merely states that SEC staff ‘reviewed their work files’ and ‘followed standard procedures.’" http://www.usdoj.gov/oip/foiapost/2008foiapost20.htm

Lack of FOIA Policy and Procedures
Of the 19 FOIA liaisons we interviewed, only 2 liaisons provided OIG with any written policies and procedures for processing FOIA requests. Most liaisons that did not have written procedures indicated that they had extensive experience and were able to adapt their response to the requests appropriately, though the steps that were followed varied. Staff in the FOIA/PA Office provided OIG with the office’s procedure manual. A revision of the manual was planned at the time of this review. It was supplemented by interim written guidance.

FOIA/PA Office staff believe that FOIA is not a priority within the Commission and FOIA requests do not receive appropriate attention when they are referred to Commission divisions/offices. Similarly, FOIA liaisons reported that they often have competing priorities or workload pressures that impact their ability to adequately address FOIA requests. Liaisons acknowledged that the FOIA/PA Office staff has procedures that guide FOIA request processing. However, liaisons are not well-informed about the procedures. Some liaisons developed their own informal FOIA practices. Others stated that the process depended on the nature of the FOIA request. Thus, FOIA processing is variable and inconsistent throughout the SEC.

Absent any formal Commission-wide guidelines and adequate control mechanisms, we found examples of noncompliance, errors, and confusion among all FOIA staff in addressing the appropriate release of information. Some examples and complaints OIG identified were:

• Discrimination towards some requesters such as commercial requesters whose requests have been identified as an “inappropriate use of FOIA;” 18
• Improperly processing confidential treatment requests;
• The lack of consistency processing requests and applying exemptions;
• Confusion assigning responsibility for redacting confidential information;
• Disclosing information without consulting with the FOIA/PA Office or the information source(s);
• Mismanaging sensitive information;
• Compliance with the time limitations requiring responses to requests in 20 days;
• Lack of opportunity for feedback, review, or approval of the final FOIA responses that are sent by the FOIA/PA Office staff; and
• Low priority given to FOIA responsibilities Commission-wide.

17 Morgenson, Gretchen, Deafened by the SEC’s Silence, He Sued, New York Times, May 28, 2006. http://www.nytimes.com/2006/05/28/business/yourmoney/28gavin.html.
18 The SEC’s “Freedom of Information Act Program Action Plan” June 13, 2006 and revised October 13, 2006 and February 1, 2008, p. 4.

Two recent instances demonstrated the negative impact of the SEC’s lack of clear policies or processes regarding the release of sensitive information that may be contained in FOIA responses. In one case, the Commission released documents before the affected office or division was given the opportunity to review the redacted releases. The second case involved the release of a document that was provided directly to a requester by OGC without the knowledge of the affected office or the FOIA/PA Office. The impact of releasing this information could have potentially impaired an investigation and jeopardized the FOIA process.

We conducted interviews with requesters and FOIA customers and found that the Commission’s lack of clarity and commitment to the intent of the Act is obvious. For example, some requesters reported that while the FOIA/PA Office staff was very pleasant, their experience with the FOIA process was “overall frustrating.” Not only were requesters concerned about the “misleading” length of time that it takes to respond to FOIA requests, they also noted the “extraordinary variability” of the service they experienced. Several requesters indicated that the FOIA/PA Office staff did not inform them about the status of their requests and further stated there was “little confidence in the process” or evidence of a “good faith effort.” Several requestors stated that the FOIA/PA staff members “did all they could” but they would like to see more “transparency” from the Commission. One requestor informed OIG that there were difficulties with the Commission’s FOIA process that “bordered on abusive.”

These issues were not equally reported by staff members across the Commission or by all requesters. But, the fact that these issues were raised by the public, as well as by SEC staff members indicates that there is a weakness in the FOIA internal controls that puts the Commission at risk.
Clear policies, adequate supervision, and specific guidelines are needed to help facilitate effective and efficient FOIA operations. This further ensures compliance with governing laws and regulations, which in turn safeguards the public’s confidence in the Commission.

Recommendation 3: The Chairman’s Office shall direct the Chief FOIA Officer to ensure that:

• Accurate searches are made for responsive information that go beyond information available in the databases,
• In the event of a denial to disclose information, documented evidence is provided to certify that there was a document-by-document review to segregate responsive records.

Recommendation 4: The Chairman’s Office shall direct the Chief Freedom of Information Act (FOIA) Officer to provide guidelines or written policies and procedures for all FOIA related staff that specifically address the concerns raised in this review, as follows:

• Discrimination towards some requesters;
• Improperly processing confidential treatment requests;
• The lack of consistency in processing requests and applying exemptions;
• Confusion in assigning responsibility for redacting confidential information;
• Disclosing information without consulting with the FOIA/PA office or the information source(s);
• Mismanaging sensitive information;
• Failure to comply with the time limitations requiring responses to requests in 20 days;
• Lack of opportunity for feedback, review, or approval of the final FOIA responses that are sent by the FOIA/PA office staff; and
• Low priority given to FOIA responsibilities Commission-wide.

Finding 3: The OGC May Not Provide an Unbiased Review of FOIA Appeals
There is an inadequate separation of administrative functions in the FOIA appeals process that compromises a fair and unbiased review of FOIA appeals. Individuals who participate in making the initial FOIA determination cannot participate in the adjudication of FOIA appeals.

A FOIA requester has the right to appeal decisions that are made by the FOIA/PA Office. The appeal is sent to the FOIA/PA Office and to OGC where it is reviewed and adjudicated within 20 business days. To understand the Commission’s appeal process, we reviewed a judgmental sample of 19 appeal files. 19 The sample population consisted of appeals that were submitted by the typical appellant. All appeal files, except for three, were from commercial requestors who had appealed the SEC’s initial response. The three noncommercial requestors in our sample consisted of two media requesters, and an individual requester who was disputing a fee charge.

We issued a survey to FOIA liaisons and found that 60.6 percent identified OGC as a resource for information about the FOIA. The FOIA/PA Office staff and liaisons throughout the Commission told us they often sought advice from OGC concerning the correct interpretation and application of exemptions during the initial processing of FOIA requests. The survey also revealed that a number of FOIA liaisons are attorneys who have the capability (with some training) to decide how to apply exemptions to FOIA responses on behalf of their office or division. However, not all liaisons are lawyers and they may not have access to legal support within their office or division or from the FOIA/PA Office.

We found that some personnel in OGC, who counsel staff during the initial FOIA request process, may later evaluate the same appeal decision. This results in a potential conflict of interest that raises concerns about OGC’s ability to render unbiased appeal opinions. Some FOIA liaisons stated that OGC counselors are careful to provide options and legal considerations without making a recommendation. OGC counselors acknowledge that they may give advice in the initial FOIA request process, and later make a recommendation on the same matter if the decision is appealed. But OGC counselors argue that they are able to separate the advice they give in the initial decision from making recommendation for appeal determinations. Furthermore, they stated that they can assess the merits of an appeal independently and objectively even when they have given advice on the initial decision. The Associate General Counsel stated that he believes that “the practice (of providing advice regarding the FOIA) is not only appropriate, but he encourages it.” Other personnel we interviewed indicated that OGC’s role was necessary because legal expertise was not available until recently within the FOIA/PA Office to support the FOIA liaisons needing legal advice.

The Administrative Procedure Act 20 that governs the practice and proceedings of federal administrative agencies such as the SEC states as follows:

An employee or agent engaged in the performance of investigative or prosecuting functions for an agency in a case may not, in that or a factually related case, participate or advise in the decision, recommended decision, or agency review . . . .

The “separation of powers” is an administrative principle of safeguards to limit the authority and actions of staff to ensure accountability, impartiality, and objectivity. We determined that this principle also applies to processing FOIA requests and appeals. Under the CFR, requests for information under the FOIA are directed to the FOIA/PA Officer. 21 Staff in the FOIA/PA Office, together with Commission staff members who are subject matter experts, have the authority to grant or deny FOIA requests and to determine the proper FOIA exemption. The OGC has “the authority to grant or deny all appeals. . .” 22 The SEC’s current practice of having the OGC attorney that provides advice to initially deny a FOIA request and then decides the appeal based on his/her own advice, compromises the FOIA process and deprives FOIA requesters from receiving an impartial and unbiased review during the appeal process. 23

Recommendation 5: The Office of General Counsel shall provide and enforce a clear policy of the separation of roles and responsibilities and stipulate that the Office of General Counsel lawyers who provide advice and counsel regarding any initial Freedom of Information Act request shall not participate in the appeal process.

Recommendation 6: The Chairman’s Office shall direct the Chief Freedom of Information Act (FOIA) Officer to ensure that sufficient legal expertise is available to the Office of Freedom of Information Act/Privacy Act Operations staff to process FOIA requests in compliance with the Freedom of Information Act, to correctly apply the exemptions, and to provide legal support to Commission staff regarding the Act.

19 The list was generated by the FOIAXpress Tracking System, which is the FOIA/PA Office’s FOIA request tracking system.
20 5 U.S.C.A. §554 (d) (2): Adjudications.
21 17 CFR 200.80(d)(1): Requests for Commission records and copies thereof.
22 17 CFR §200.80(d)(6): Administrative Review.
23 The OGC points out that under the CFR, OGC is “the Commission’s advisor with respect to legal problems arising under the Freedom of Information Act . . . .” 17 CFR §200.21 (a). While that is true, the CFR also specifically provides that the Chairman or General Counsel may separate these functions if the lack of a separation would be deemed “inappropriate.” 17 CFR §200.21 (b)(1)(2).

Finding 4: FOIA Responsibilities Have Not Been a Commission Priority
Commission managers have not applied adequate management, supervision and personnel practices concerning its staff responsible for FOIA processing. These deficiencies include providing training opportunities, and including FOIA liaison duties in position descriptions and performance standards. All Commission staff needs FOIA related training commensurate with their level of FOIA responsibilities.

Issues Faced by all FOIA Staff
The burden to meet the Commission’s obligation to obey the law is incorporated in the Act and falls mostly on the FOIA/PA Office staff and the FOIA liaisons. Responding to the FOIA requests involves virtually all Commission staff. Requests are physically received and transmitted back through the FOIA/PA Office staff, but the FOIA liaisons facilitate substantive searches. Liaisons need subject matter experts (i.e., investigators, analysts, administrators, etc.) who are most familiar with the information to produce the response to FOIA requests and who must understand the increasingly stringent requirements of the FOIA. As the axis of the Commission’s FOIA process, the FOIA/PA Office staff and FOIA liaisons have common observations and challenges that they face in responding to FOIA requests. These include:

• Mandated time limitations that do not account for the complexity of Commission activities;
• The sheer volume of information generated by the Commission;
• Multiple information and records systems;
• Increasing numbers of FOIA requests;
• Rising requester expectations for responsiveness;
• Sophisticated and complex FOIA requests;
• Conflicting work priorities wherein addressing FOIA requests competes with “substantive work;” and
• The SEC’s functions emphasizing the protection of information that conflicts with the FOIA’s objectives for openness and transparency.

The FOIA Liaisons
The FOIA/PA office staff has successfully developed efficient response processes for the majority of requests that are received, especially in addressing responses to commercial vendors. However, when a request requires additional consultation or research, the request is referred to a FOIA liaison. The FOIA liaison’s role in facilitating a timely and appropriate response and returning the information to the FOIA/PA Office is pivotal to the Commission’s success in processing FOIA requests. To understand the concerns experienced by the FOIA liaisons, in May 2009, we distributed a survey to all the SEC’s designated FOIA liaisons and the FOIA/PA Office staff. There are 40 designated FOIA liaisons that are in 33 Commission offices or divisions and 72.7 percent responded to our survey. The FOIA liaison responses to the survey revealed the following:

• Eighty-seven percent spend as little as 10 percent and as much as 40 percent of their time processing from 3 to 50 requests each month. 24 For the remaining liaisons, responding to FOIA requests is their full-time role.
• Fifty-three percent “Agree” that processing FOIA requests interferes with their normal workload.
• Fifty-four percent of FOIA liaisons reported that their FOIA responsibilities were not included in their position description or performance plans.
• Twenty-one of 33 (63.6 percent) respondents reported that they had no prior FOIA-related experience.
• Only five out of 33 liaisons indicated they had received formal training. Most liaisons reported that they relied on their predecessors, or relied on FOIA/PA Office staff (83.8 percent) or OGC staff (60.6 percent) to answer their questions about FOIA.
• Almost all respondents indicated that training is needed to understand the FOIA/PA Office procedures and to better understand the FOIA law; specifically they requested updates in appeal and trial cases, applying exemptions, Privacy Act training, and the opportunity to attend Department of Justice FOIA-sponsored classes.

Almost all the liaisons’ FOIA job duties and responsibilities are secondary to their primary job. The majority of liaisons reported they were not clear on how or why they were assigned as a FOIA liaison. One liaison reported feeling she was “being punished” when she was assigned to be the FOIA liaison. Many liaisons do not believe that their FOIA role is valued. Another liaison said that “FOIA is the step-child” of the Commission. Further, some liaisons complained about staff or management’s apathy, the lack of cooperation from colleagues, and staff’s resistance towards FOIA responsibilities.

Liaisons also expressed concern about the FOIA/PA Office staff. Liaisons reported that FOIA/PA Office staff sometimes makes “small but critical” errors when referring FOIA requests. There are also questions about the methods that are used to search databases and public sources in responding to FOIA requests that are incorrectly referred to liaisons. In addition, there is concern that the FOIA/PA Office does not have adequate resources to address complex legal questions. Finally, FOIA liaisons reported that there is insufficient communication and feedback between the FOIA/PA specialists and OGC concerning FOIA decisions to redact, disclose, or deny information, which exemptions should be applied, and the outcome of appeals.

24 This estimate excludes the number of FOIA requests processed by three offices/divisions that receive from 100 to 500 FOIA requests per month. For FOIA liaisons with a high FOIA request volume, FOIA duties may be their primary job.

The FOIA/PA Office Staff
Since 2007, the FOIA/PA Office has reduced its FOIA request backlog substantially. Both the FOIA/PA Office staff and liaisons report that the FOIA process has improved and both groups appreciate their mutual roles and value each other’s friendship and cooperation, yet all agree there are areas that need improvement. In May 2009, we distributed a survey to FOIA staff to better assess their concerns, challenges, and successes. Nineteen of 24 (or 79 percent) of the FOIA/PA Office staff responded to the survey. The FOIA/PA Office staff attributes their success in managing a large volume of FOIA requests and reducing its backlog to good management within the office. They say that streamlined procedures and a tracking system, the FOIAXpress, have enhanced the staff’s efficiency. Sixteen of 19 (or 84.2 percent) of the FOIA/PA Office staff reported participating in one or more FOIA-related training opportunities. However, in the survey, the respondents also identified the following difficulties they have experienced in responding to FOIA requests:

• Receiving untimely responses from liaisons;
• Locating documents;
• Dealing with the cumbersome organization of some documents;
• Verifying the volume of responsive documents, especially electronic documents;
• Confirming the correct FOIA exemption to apply;
• Segregating responsive information from exempted or non-responsive information;
• Redacting confidential information;
• Identifying and protecting confidential sources;
• Confusing procedures that cover confidential treatment requests;
• Changing/evolving FOIA interpretations; and
• Negative reactions from requesters.

The FOIA/PA Office staff has become an efficient and productive unit. They have successfully negotiated with a majority of the commercial vendors making FOIA requests to ensure timely and appropriate responses. In FY 2007 and 2008 commercial vendor requests accounted for 96.8 and 95.7 percent, 25 respectively, of the FOIA/PA staff workload. These successes, in addition to reducing the backlog, were achieved during FY 2007 and FY 2008, though the office’s staffing level did not increase. The office effectively uses the FOIAXpress system to manage its FOIA requests, and staff report that they are constantly seeking to improve the overall quality of FOIA processing. However, like the concerns expressed by the FOIA liaisons, many of the FOIA/PA staff members observed that FOIA requests are becoming more complicated and that requesters are demonstrating increasing sophistication in their requests.

The Importance of Staff for Effective FOIA Implementation
The Executive Order 13392 Implementation Guidance provided by the Department of Justice (2006), identified 27 “potential improvement areas” for agencies to consider when developing their FOIA processing improvement plans; seven of these improvement areas addressed personnel issues. These include:

• Obtaining the necessary cooperation from program personnel;
• Incorporating ideas from field office personnel;
• Adding FOIA-related training opportunities;
• Providing training on FOIA exemptions;
• Increasing staffing (where applicable);
• Changing personnel practices such as job series, grades, etc.; and
• Utilizing contract employees. 26

Subsequently, the OPEN Government Act established more rigorous expectations such as the time that is allotted to respond to requests, thus placing greater demands on staff numbers as well as staff’s skills. In recognition of the impact on FOIA staff, the Act placed special emphasis on the importance of personnel policies. The Act directed the Office of Personnel Management (OPM) to recommend personnel changes that could be made to “enhance the stature” of government employees involved in administering FOIA. 27 In response, Michael W. Hager (Acting Director, OPM), in a letter to the Former Vice President Richard B. Cheney on December 16, 2008, advised that agencies have the responsibility and the authority to establish employee performance standards, improve recruiting and selection methods, set minimum rates of pay, establish career advancement tracks, and determine training requirements. Attorney General Holder, in his March 19, 2009 Memorandum to the Heads of Executive Departments and Agencies, affirmed the responsibility of all staff to respond to FOIA requests and highlighted the key role played by FOIA professionals.

In the past, the Commission’s response to the FOIA Act may be characterized as “crisis management.” For example, to address the FY 2007 and FY 2008 backlog, the Commission achieved important advances in FOIA request processing by creating systems and mobilizing staff in response to recommendations from OIG Report No. 422. However, it appears there was no Commission-wide oversight to address on-going and future needs. As described by the FOIA staff that is responsible for compliance with the FOIA, management has not addressed basic personnel practices, has neglected to develop and provide training opportunities, and has not addressed staffing needs to meet the current and expected future FOIA demands.

Recommendation 7: The Chairman’s Office shall direct the Chief Freedom of Information Act (FOIA) Officer to collaborate with the respective office and division managers and the Office of Human Relations to review position descriptions of current Freedom of Information Act/Privacy Act (FOIA/PA) staff and FOIA liaisons to include staff’s appropriate FOIA task descriptions, performance standards, and review pay grades to ensure that they reflect actual FOIA responsibilities and duties.

Recommendation 8: The Chairman’s Office shall direct the Chief Freedom of Information Act (FOIA) Officer to ensure that appropriate training opportunities are provided to all Commission staff that is appropriate for their level of FOIA responsibilities to effectively and efficiently process FOIA requests.

25 Special report produced by FOIAXpress and presented by the FOIA/PA Officer, June 17, 2009.
26 http://www.usdoj.gov/archive/oip/foiapost/2006foiapost6.htm
27 OPEN Government Act: §11: Report on Personnel Policies Related to FOIA.

Finding 5: FOIA Processing Needs Improved Information Management
FOIA reviews are hindered by the variety of and inconsistencies in databases and record-keeping practices. In addition, there is a lack of clear policies for management of both paper and electronic documents. Further, the OIG Report No. 422 recommended that read-only access to the FOIA request database should be made available to all FOIA liaisons. At the time of this review, only three FOIA liaisons had been making use of FOIAXpress.

Since 2004, the Commission has taken important policy and procedural steps to address the demand that information be made more accessible on the SEC’s website. However, the number of FOIA requests has not decreased as was expected. Instead, the number of FOIA requests increased by approximately 6 percent between FY 2007 and 2008. Over 95 percent of the 8,000 to 10,000 FOIA requests that the Commission receives each year are from commercial users. FOIA/PA Office staff negotiated with commercial vendors to tailor their FOIA requests so that the data is readily available and to ensure the FOIA/PA Office staff serve the vendor needs more efficiently. The vast majority of these requests can be researched quickly. However, the sheer quantity of requests, consisting of 4,143 commercial FOIA requests that were processed in 2007 and 8,545 commercial requests that were processed in 2008, consumes the FOIA/PA Office resources.

The SEC’s Annual Reports that were submitted to the Department of Justice for FY 2007 and 2008 28 identify the median 29 number of days it took the SEC’s FOIA/PA Office to process FOIA requests. The relative amount of effort that is required to process these requests is categorized as “simple” or “complex.” A third category, “expedited” processing, requires that the FOIA/PA Office respond to the requester within 10 days rather than the typical 20 days. Expedited processing is infrequently granted. 30

Table 5: Median Days Needed to Process FOIA Requests

                                             FY 2007    FY 2008
Simple Requests
  a. Number of requests processed              9,652     15,463
  b. Median number of days to process             67         66
Complex Requests
  a. Number of requests processed              2,912         65
  b. Median number of days to process            705        570
Requests accorded expedited processing
  a. Number of requests processed                  0          2
  b. Median number of days to process              0          2

Source: SEC FOIA/PA Office Annual Reports for Fiscal Years 2007 and 2008

28 SEC Freedom of Information Act Annual Report for Fiscal Year 2007, October 1, 2006 to September 30, 2007 and Fiscal Year 2008, October 1, 2007 to September 30, 2008.
29 The median is the middle, not the average number. For example, of the numbers 3, 7, and 14, the median number is 7.
30 17 CFR, §200.80 (d)(5)(iii): Expedited Processing.

Table 5, Median Days Needed to Process FOIA Requests, indicates that “simple” requests took a median of 67 days to process in FY 2007 and 66 days in 2008. The median number of days it took to process “complex” requests was 705 days in 2007 and 570 days in 2008. Interviews with FOIA staff as well as FOIA liaisons reflect the general impression that responding to FOIA requests has become more difficult to complete within the required 20 working days allotted under the Act, even with the additional days that are allowed by law for unusual and exceptional circumstances and even though extensions can be given with the requesters’ permission. The OIG determined that the Commission’s effort to address FOIA requests in a timely manner is not sufficient.

Information and Records Management
Interviews with the FOIA/PA Officer and staff suggest that a number of factors inhibit the rapid search and review of responsive records. These factors include large volumes of documents that must be reviewed, the problematic organization of documents, locating files from within the Commission’s headquarters and the 11 regional offices, files that must be retrieved from long-term storage, and files that may already have been disposed of, or may be lost.

Among the most frequently requested records are Enforcement’s investigative files. An initial search to locate investigative files begins with the NRSI database, which may not be accurate. Potentially responsive files maintained in the regional offices must be boxed and shipped to headquarters. Files may be in transit, or have already been transferred to the Branch of Records Management (BRM) for storage. The BRM manages the tracking of records that have been sent to the Federal Records Center. Records can also be retrieved from long-term storage at various Iron Mountain facilities. Records that are sent to storage facilities require additional time to search and be delivered to the requesting office. In most cases, there are no indexes to these paper records. Interviews with the Commission Archivist and a review of BRM management reports confirm that the FOIA/PA Office is the single biggest user of the BRM and accounted for 80 percent of all the requests in FY 2008, of which 68.7 percent were delivered to the FOIA/PA Office. The FOIA/PA Officer credits the BRM for improving service in the past two years, but stated that waiting for off-site records either from the regional offices or from BRM accounts for much of the time that is used to process FOIA requests.

When files are located, the staff assesses the likely presence of the responsive files. According to instructions from an Enforcement Memorandum issued on August 20, 1993, investigative files are organized by their content into categories A through F. Most of the records such as Category A – “Transcripts,” or Category B – “The Commission’s Official Records,” all have specific instructions to segregate the information into folders and to index the material in order to identify the information in the folder. Category F is a general category that contains records that are “subject to a FOIA request.” The memorandum further states that: “no index is required for (Category F) records.” Lacking any other organizational principle, FOIA/PA staff must review Category F records page by page, to determine what information is responsive for a given FOIA request. The requested records can range from a small folder to hundreds of boxes of paper documents.

Increasingly, documents and evidence that the SEC accumulates are provided in electronic formats. Interviews with staff in Enforcement and FOIA/PA Office staff suggest that electronic records are also problematic. Electronic formats often exacerbate the volume, as well as the complexity and variety of evidence that is accumulated in the course of an investigation. For example, Enforcement staff explained that the entire content of several computers may be submitted as support documentation for an investigation. Organizing such information in order to facilitate the retrieval and review of complex and voluminous records challenges the FOIA process even further.

The work flow priority for the FOIA/PA Office staff is to process current requests first. FOIA/PA Office procedures indicate that any FOIA request response that requires the review of three or more boxes of documents should be placed in a multi-tracked “first-in, first-out” (FIFO) queue, and are processed as staff becomes available, in the order of receipt and in agreement with the FIFO process. Examples of requests containing large volumes of material include a request (pending since 2005) that consisted of 300 boxes of records and was only just completed in 2009. Another request, now under review, contains more than 245 boxes of records.
Currently, there are 17 pending FIFO requests, but only three requests are being reviewed at this time. Using the FOIAXpress, the FOIA/PA staff periodically sends letters to the requesters confirming their continued interest in receiving a response for these requests. Many requesters withdraw their request for long-delayed FIFO documents. The FOIA/PA Officer confirms that the current staffing level is not sufficient to process FIFO requests in a timely manner. On occasion, staff is diverted to support OGC during FOIA litigation, because litigation support supersedes FIFO requests. While the FOIA/PA Office staff points to the impressive progress that they have achieved in reducing the number of pending FOIA requests, the obstacles experienced by the Commission’s record retrieval system and the cumbersome organization of records continue to hinder the Commission’s ability to respond to FOIA requests in a timely way.


Access to the FOIAXpress System
In 2007, the OIG conducted an audit of the Commission’s FOIA backlog and issued Backlog of FOIA Requests For Comment Letters, Report No. 422 on March 30, 2007. The audit report consisted of eight recommendations (Recommendations A - H) and found, among other things, that the FOIA liaisons did not have access to the FOIAXpress tracking system and database. In the audit report, recommendation G specified that the FOIA/PA Office provide such access to FOIA liaisons in the other offices and divisions who respond to FOIA requests. In its response to the recommendation, the FOIA/PA Office indicated that it planned to provide FOIA liaisons with read-only access to the FOIA request database. However, Recommendation G has not been fully implemented. Only 3 of 19 designated FOIA liaisons in OGC and the Corporation Finance reported that they had read-only access to the FOIA database and use the FOIAXpress regularly to check the FOIA cases that are assigned to them. Other liaisons we interviewed stated they did not know they had access to the FOIAXpress and did not know how they would use the information to facilitate FOIA work. Most of the liaisons have developed their own tracking system and logs to aid in monitoring the progress of FOIA requests and to document actions that were taken on FOIA requests. Several liaisons used Excel spreadsheets as their tracking system or log, and indicated that it took a significant amount of time to re-enter data that duplicates information already existing in FOIAXpress. Some liaisons stated they found inconsistencies between their own logs and a year-end report that was generated by FOIAXpress. Liaisons expressed doubt about the accuracy of information in the FOIAXpress.
The FOIA/PA Officer stated that all FOIA liaisons were informed that they could have read-only access to FOIAXpress, and those who responded received training on how to download the request information (e.g., FOIA number, name of the requester, received date, target date of the request, etc.), rather than laboriously re-entering the same data into their own logs. The FOIA/PA Officer acknowledged the FOIAXpress system is not capable of recording information that is unique to each office or division, but that much FOIA request data can be exported from FOIAXpress into an Excel spreadsheet. The FOIA/PA Officer said there is no software distribution process or special identification or programming required. Some features of the FOIAXpress system are not clear and may contribute to the liaisons’ mistrust of the system. We noted the following examples:

• Tracking numbers from the FOIAXpress system assigned to appeals files differed from the tracking numbers utilized by OGC. Therefore, the file numbers had to be converted in order to locate the correct appeals files.
• The FOIAXpress system’s record of the closing dates assigned to the appeal differed when compared to the closing dates recorded in OGC files.

The FOIA liaisons reported that the current system for processing FOIA requests involves an email notification from the FOIA/PA Office, coupled with a copy of the request. The liaison enters the information into an Excel spreadsheet log before beginning the search for responsive records, or assigning the search to another analyst within the office or division. The liaisons reported that they were puzzled that the request might be several days old before reaching the liaison, thus reducing the amount of time available to conduct the search and return a response. The liaisons we interviewed did not have a clear understanding of the FOIA/PA Office staff processes, how liaisons could improve their responses to FOIA requests, and the way the FOIAXpress is utilized.

The OPEN Government Act specifically addresses the timeliness of FOIA responses. The conditions for “tolling” the time taken by an agency to respond to a request are specifically delineated. Some “unusual circumstances” may provide relief from time limitations, but according to the wording of the Act, “exceptional circumstances” cannot include a predictable workload of requests. 31 We found that notwithstanding the reduction of backlogs, the FIFO negatively impacts the Commission’s record of FOIA request responsiveness.

Recommendation 9: The Chairman’s Office shall direct the Chief Freedom of Information Act (FOIA) Officer and the Office of Freedom of Information Act/Privacy Act Operations to collaborate with the Office of the Secretary, the Division of Enforcement, and the Office of Information Technology to produce a strategy that addresses information management obstacles hindering timely and comprehensive FOIA responses. This strategy should contain concrete recommendations, specific timelines, and cost estimates and should be presented to the Commission for action.

31 5 U.S.C. §552(a)(6)(C)(ii) as described in US Department of Justice, FOIA Post, http://www.usdoj.gov/oip/foiapost/2008foiapost9.htm, “Unusual circumstances” occur when there is a need to search or collect records from field offices, voluminous records, or consultation with another agency. “Exceptional circumstances” cannot include “a delay that results from a predictable agency workload. . . .”

Recommendation 10: The Chairman’s Office shall direct the Chief Freedom of Information Act Officer to conduct training that is needed to fully implement the productive and suitable use of the FOIAXpress tracking and document management system.


Appendix I

Acronyms and Abbreviations
Annual Report              SEC’s Freedom of Information Act Annual Report
BRM                        Branch of Records Management
CATS                       Case Activity Tracking System
CFR                        Code of Federal Regulations
Enforcement                Division of Enforcement
FIFO                       First-in, First-out
FOIA                       Freedom of Information Act
FOIA/PA                    Freedom of Information Act/Privacy Act
FOIAXpress                 FOIA/PA tracking and document management system
GAO                        Government Accountability Office
IM                         Division of Investment Management
OGC                        Office of General Counsel
OIEA                       Chief, Office of Investor Education and Advocacy
OIG                        Office of Inspector General
OPEN Government Act 2007   Openness Promotes Effectiveness in Our National Government Act of 2007
OPM                        Office of Personnel Management
NRSI                       Name Relationship Search Index
SEC or Commission          U.S. Securities and Exchange Commission
Service Center             FOIA Customer Service Center


Appendix II

Scope and Methodology
This review was not conducted in accordance with the government auditing standards.

Scope. The scope of the review covered Commission FOIA activities during FY 2007 and 2008 and involved a detailed review of the policies, procedures, and processes that were in place for processing FOIA requests and appeals in an effort to determine whether they are consistent with FOIA requirements and Commission rules. The review included an analysis of the Commission’s implementation of Executive Order 13392, Improving Agency Disclosure of Information, an assessment of whether public guidance regarding FOIA requests and processing was up-to-date, and whether the Commission’s implementation of the Act was consistent with current requirements as defined in the OPEN Government Act of 2007 and the recent directives from the Attorney General. We obtained data from the FOIA/PA Office, OGC, Corporation Finance, IM, Enforcement, and BRM.

Methodology. To address the objective to review the FOIA/PA Office’s compliance with applicable laws and regulations, we fielded a survey via the SEC’s intranet to the FOIA/PA Office staff in May 2009. 67.8 percent of the FOIA/PA Office staff responded to the survey. We analyzed FOIA/PA Office staff responses to the survey to identify issues of compliance with FOIA laws, SEC regulations as expressed in the CFR and the documented policies and procedures, and we interviewed 9 of the 28 FOIA/PA Office staff members to confirm our observations. We reviewed available documentation, including policies and procedures, the FOIA/PA Working Procedure Manual, the SEC’s Annual Reports to the Department of Justice, and various tracking logs and reports. To review the FOIA Customer Service Center’s effectiveness, we conducted telephone interviews with the Commission’s most frequent FOIA requesters. Lastly, we tested data to determine if information from the FOIA/PA Office tracking and documentation system, the FOIAXpress, was consistent with other reports, tracking systems, and logs.

To address the objective to review the coordination with FOIA/PA Office liaison staff, select field offices, and OGC, we sent a second survey via the SEC’s intranet to all designated FOIA liaisons in all the identified SEC divisions/offices, the field offices, and OGC. We received a response from 72.7 percent of the designated FOIA liaisons to this survey. We analyzed FOIA liaison responses to the survey to identify issues of compliance with FOIA laws, SEC regulations as expressed in the CFR and the documented policies and any available written procedures. We interviewed 20 of 40 FOIA liaisons in various Commission offices and divisions at headquarters and the regional offices to gain an understanding of the coordination with the FOIA/PA Office of the Commission’s FOIA process program. We collected and analyzed various tracking logs and reports and gathered information available on the Commission’s intranet. We interviewed the four attorneys in the Office of General Counsel responsible for processing and litigating FOIA appeals. To understand the Commission’s appeal process we reviewed selected appeal files.

Internal Controls. We reviewed the existing internal controls that were considered significant within the context of the FOIA program and the evaluation objectives. We interviewed personnel from the FOIA/PA Office, OGC, Corporation Finance, and IM, identified and reviewed applicable policies and procedures, obtained and reviewed available FOIA program documentation, and tested data for compliance with selected policies and procedures.

Prior Audit Coverage. The OIG previously conducted an audit of the Commission’s FOIA backlog and issued Backlog of FOIA Requests For Comment Letters, Report No. 422, March 30, 2007. The March 2007 OIG report made seven recommendations (Recommendation A - E, and H) to streamline and facilitate the process of proactively posting information for public access via the SEC website. We selected FOIA liaisons from the Corporation Finance and IM division/office to assess their compliance with OIG Report No. 422. Interviews with the staff responsible for implementing the OIG recommendations revealed that except for one, key recommendations have either been fully implemented or are demonstrating progress. Recommendation G directed that the FOIA/PA Office implement its plan to provide FOIA liaisons with access to its FOIA request database, (the FOIA/PA tracking system is FOIAXpress), and although formally closed, has not been implemented. We found that only two offices use the read-only access to the FOIAXpress database, OGC and Corporation Finance.

Use of Computer-Processed Data. We used computer-processed data such as reports generated by the FOIAXpress system, emails, and logs maintained in Excel spreadsheet form. To the extent practical, we compared the data with source documents. We did not perform extensive testing of system or application controls.

Judgmental Samples. All staff with FOIA-related responsibilities were offered an opportunity to respond to the two surveys. We used judgmental samples to select staff with FOIA-related responsibilities for interviews, although all staff who requested an interview or identified themselves in the surveys were interviewed. We requested a list of the ten most frequent requesters from the FOIA/PA Officer in order to review the FOIA Customer Service Center’s effectiveness and we conducted telephone interviews with all 10 of the Commission’s most frequent FOIA requesters. The sample requester population consisted of 8 commercial vendors and two journalists. To understand the Commission’s appeal process, we judgmentally selected 19 of 554 closed appeal files to review that covered FY 2007 and 2008. Included with these 19 were 16 appeals from commercial requestors, 2 from media requesters, and a single appeal which disputed a fee charge. We analyzed the appeal process, the number of days to completion, the disposition, and the number and kinds of exemptions cited.


Appendix III

Criteria
Freedom of Information Act, 5 U.S.C. §552: Governs the FOIA Program.

Administrative Procedures Act, 5 U.S.C.A. §554: Establishes administrative rules and procedures.

The Freedom of Information Act: Amended in 1974, 1976, 1986, 1996, and in 2007 to narrow the scope of FOIA exemptions and expand the scope of information available to the public by the Freedom of Information Act.

H.R. 3802: The 1996 amendments to FOIA, sometimes named e-FOIA, extended FOIA’s provisions to electronic records, and requires agencies to package information electronically for any requester.

Openness Promotes Effectiveness in our National Government Act of 2007 (OPEN Government Act of 2007): Further modified FOIA by codifying into law provisions of the Executive Order 13392 and added a new office: the Office of Government Information Services.

Executive Order 13392, Improving Agency Disclosure of Information, issued December 19, 2005: Promotes a “customer service” orientation by requiring the establishment of public liaisons and providing tracking numbers for consumers. Agencies were to designate Chief FOIA Officers and directed to monitor specific data points and to report progress.

Code of Federal Regulations, 17 §§200-239: Commodities and Securities Exchanges is the official codification of Federal regulations established under the Federal Register Act.

The SEC’s Freedom of Information Act Program Action Plan: Pursuant to Executive Order 13392, as submitted to the Department of Justice and Office of Management and Budget, June 13, 2006 and subsequent revisions on October 13, 2006 and February 1, 2008.

The SEC’s Freedom of Information Act Annual Reports: FY 2007, October 1, 2006 to September 30, 2007 and FY 2008, October 1, 2007 to September 30, 2008.

Attorney General's Memorandum for Heads of Executive Departments and Agencies Concerning the Freedom of Information Act, March 19, 2009.


Appendix IV

List of Recommendations
Recommendation 1: The Chairman’s Office shall fill the Chief FOIA Officer position with a qualified candidate and ensure that the Chief FOIA Officer has the appropriate authority to implement FOIA and to effectively fulfill the responsibilities outlined in the OPEN Government Act of 2007.

Recommendation 2: The Chairman’s Office shall communicate on an ongoing basis to Commission employees and the public the importance of the Freedom of Information Act (FOIA) to the agency’s mission. This can be accomplished by updating the Commission’s FOIA webpage to emphasize the importance of FOIA to the public, and by issuing an SEC Administrative Notice to Commission employees on an annual basis.

Recommendation 3: The Chairman’s Office shall direct the Chief FOIA Officer to ensure that:
• Accurate searches are made for responsive information that go beyond information available in the databases,
• In the event of a denial to disclose information, documented evidence is provided to certify that there was a document-by-document review to segregate responsive records.

Recommendation 4: The Chairman’s Office shall direct the Chief Freedom of Information Act (FOIA) Officer to provide guidelines or written policies and procedures for all FOIA related staff that specifically address the concerns raised in this review, as follows:
• Discrimination towards some requesters;
• Improperly processing confidential treatment requests;
• The lack of consistency in processing requests and applying exemptions;
• Confusion in assigning responsibility for redacting confidential information;
• Disclosing information without consulting with the FOIA/PA office or the information source(s);
• Mismanaging sensitive information;
• Failure to comply with the time limitations requiring responses to requests in 20 days;
• Lack of opportunity for feedback, review, or approval of the final FOIA responses that are sent by the FOIA/PA office staff; and
• Low priority given to FOIA responsibilities Commission-wide.

Recommendation 5: The Office of General Counsel shall provide and enforce a clear policy of the separation of roles and responsibilities and stipulate that the Office of General Counsel lawyers who provide advice and counsel regarding any initial Freedom of Information Act request shall not participate in the appeal process.

Recommendation 6: The Chairman’s Office shall direct the Chief Freedom of Information Act (FOIA) Officer to ensure that sufficient legal expertise is available to the Office of Freedom of Information Act/Privacy Act Operations staff to process FOIA requests in compliance with the Freedom of Information Act, to correctly apply the exemptions, and to provide legal support to Commission staff regarding the Act.

Recommendation 7: The Chairman’s Office shall direct the Chief Freedom of Information Act (FOIA) Officer to collaborate with the respective office and division managers and the Office of Human Relations to review position descriptions of current Freedom of Information Act/Privacy Act (FOIA/PA) staff and FOIA liaisons to include staff’s appropriate FOIA task descriptions, performance standards, and review pay grades to ensure that they reflect actual FOIA responsibilities and duties.

Recommendation 8: The Chairman’s Office shall direct the Chief Freedom of Information Act (FOIA) Officer to ensure that appropriate training opportunities are provided to all Commission staff that is appropriate for their level of FOIA responsibilities to effectively and efficiently process FOIA requests.


Recommendation 9: The Chairman’s Office shall direct the Chief Freedom of Information Act (FOIA) Officer and the Office of Freedom of Information Act/Privacy Act Operations to collaborate with the Office of the Secretary, the Division of Enforcement, and the Office of Information Technology to produce a strategy that addresses information management obstacles hindering timely and comprehensive FOIA responses. This strategy should contain concrete recommendations, specific timelines, and cost estimates and should be presented to the Commission for action.

Recommendation 10: The Chairman’s Office shall direct the Chief Freedom of Information Act Officer to conduct training that is needed to fully implement the productive and suitable use of the FOIAXpress tracking and document management system.


Appendix V

Management Comments


Appendix VI

Office of Inspector General’s Response to Management’s Comments
The Office of Inspector General is pleased that the Office of the Chairman concurred with the report’s 8 recommendations addressed to its office. We also note that the Office of the Chairman partially concurred with recommendation no. 3. We believe that the Chairman’s Office’s proposed actions are responsive to our findings and recommendations and are encouraged that the Chairman’s Office has already taken action to implement a key recommendation addressing the Chief FOIA Officer position. [32] Once all the recommendations are fully implemented, we believe that the Commission’s FOIA processes will be strengthened.

We are disappointed that the Office of General Counsel (OGC) has only partially concurred with recommendations 3 [33] and 5. We believe that both these recommendations are crucial to ensuring that the public is able to obtain documents under FOIA in a transparent, complete and timely manner.

Recommendation no. 3 provides that where the SEC denies a request under FOIA, documented evidence should be provided to certify that there was a document-by-document review to segregate responsive materials. We believe that it is important that the SEC complies with both the letter and spirit of the FOIA. Performing a document-by-document review is a necessary step to properly withhold documents and to facilitate identification of segregable documents. As discussed in the report, although President Obama issued a Memorandum to the Heads of Executive Departments and Agencies on January 21, 2009 directing FOIA to be administered with a “presumption in favor of disclosure,” the current SEC practices have the effect of creating a presumption of withholding. It is also worth noting that in OGC’s comments to this report, it acknowledges that its position that a document-by-document review is not necessary if an agency establishes categories of documents has also been rejected by a federal court. OGC continues to maintain this position even after our review, and after this same federal court criticized the SEC for deliberately stalling in fulfilling its obligations under FOIA in a published decision.

With respect to recommendation no. 5, we are disappointed that OGC is unwilling to enforce a clear separation of roles and responsibilities under the FOIA, and will continue its practice of having the same personnel who counsel staff during the initial FOIA request process later evaluating the appeal decision, notwithstanding the conflict. While the Administrative Procedure Act provisions may not strictly apply in a technical sense, the administrative principle of putting in place safeguards to limit the authority and actions of staff to ensure accountability, impartiality, and objectivity is particularly applicable to FOIA, and we fear that continuing this practice will compromise the FOIA process and deprive FOIA requesters of an impartial and unbiased review during an appeal.

[32] We note that the assertion that the Chief FOIA Officer position has been occupied continuously with senior-level staff is not entirely correct; the first assigned Chief FOIA Officer was not a senior officer. While subsequent Chief FOIA Officers may have been at the senior level, the major issue of the finding was that the position did not have sufficient support from the Commission to effectively function as a Chief FOIA Officer.

[33] While recommendation no. 3 was directed to the Office of the Chairman, it was responded to by the Office of General Counsel.


Audit Requests and Ideas
The Office of Inspector General welcomes your input. If you would like to request an audit in the future or have an audit idea, please contact us at:

U.S. Securities and Exchange Commission
Office of Inspector General
Attn: Assistant Inspector General, Audits (Audit Requests/Ideas)
100 F Street, N.E.
Washington D.C. 20549-2736
Tel. # 202-551-6061
Fax # 202-772-9265
Email: oig@sec.gov

Hotline
To report fraud, waste, abuse, and mismanagement at the Commission, contact the Office of Inspector General at:

Phone: 877.442.0854
Web-Based Hotline Complaint Form: www.reportlineweb.com/sec_oig
